Package org.springframework.security.web.servletapi

Class SecurityContextHolderAwareRequestFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
    public class SecurityContextHolderAwareRequestFilter
extends org.springframework.web.filter.GenericFilterBean
    A Filter which populates the ServletRequest with a request wrapper which implements the servlet API security methods.

    SecurityContextHolderAwareRequestWrapper is extended to provide the following additional methods:

    • HttpServletRequest.authenticate(HttpServletResponse) - Allows the user to determine if they are authenticated and if not send the user to the login page. See setAuthenticationEntryPoint(AuthenticationEntryPoint).
    • HttpServletRequest.login(String, String) - Allows the user to authenticate using the AuthenticationManager. See setAuthenticationManager(AuthenticationManager).
    • HttpServletRequest.logout() - Allows the user to logout using the LogoutHandlers configured in Spring Security. See setLogoutHandlers(List).
    • AsyncContext.start(Runnable) - Automatically copy the SecurityContext from the SecurityContextHolder found on the Thread that invoked AsyncContext.start(Runnable) to the Thread that processes the Runnable.

    • Field Summary

      • Fields inherited from class org.springframework.web.filter.GenericFilterBean

        logger

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void afterPropertiesSet()  
      void doFilter​(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)  
      void setAuthenticationEntryPoint​(AuthenticationEntryPoint authenticationEntryPoint)
      Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs.
      void setAuthenticationManager​(org.springframework.security.authentication.AuthenticationManager authenticationManager)
      Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs.
      void setLogoutHandlers​(java.util.List<LogoutHandler> logoutHandlers)
      Sets the LogoutHandlers used when integrating with HttpServletRequest with Servlet 3 APIs.
      void setRolePrefix​(java.lang.String rolePrefix)  
      void setTrustResolver​(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver)
      Sets the AuthenticationTrustResolver to be used.

      • Methods inherited from class org.springframework.web.filter.GenericFilterBean

        addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • SecurityContextHolderAwareRequestFilter

        public SecurityContextHolderAwareRequestFilter()

    • Method Detail

      • setRolePrefix

        public void setRolePrefix​(java.lang.String rolePrefix)

      • setAuthenticationEntryPoint

        public void setAuthenticationEntryPoint​(AuthenticationEntryPoint authenticationEntryPoint)

        Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, it will be used when HttpServletRequest.authenticate(HttpServletResponse) is called and the user is not authenticated.

        If the value is null (default), then the default container behavior will be be retained when invoking HttpServletRequest.authenticate(HttpServletResponse) .

        Parameters:
        authenticationEntryPoint - the AuthenticationEntryPoint to use when invoking HttpServletRequest.authenticate(HttpServletResponse) if the user is not authenticated.

      • setAuthenticationManager

        public void setAuthenticationManager​(org.springframework.security.authentication.AuthenticationManager authenticationManager)

        Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, it will be used when HttpServletRequest.login(String, String) is invoked to determine if the user is authenticated.

        If the value is null (default), then the default container behavior will be retained when invoking HttpServletRequest.login(String, String).

        Parameters:
        authenticationManager - the AuthenticationManager to use when invoking HttpServletRequest.login(String, String)

      • setLogoutHandlers

        public void setLogoutHandlers​(java.util.List<LogoutHandler> logoutHandlers)

        Sets the LogoutHandlers used when integrating with HttpServletRequest with Servlet 3 APIs. Specifically it will be used when HttpServletRequest.logout() is invoked in order to log the user out. So long as the LogoutHandlers do not commit the HttpServletResponse (expected), then the user is in charge of handling the response.

        If the value is null (default), the default container behavior will be retained when invoking HttpServletRequest.logout().

        Parameters:
        logoutHandlers - the List&lt;LogoutHandler&gt;s when invoking HttpServletRequest.logout().

      • doFilter

        public void doFilter​(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse res,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
        Throws:
        java.io.IOException
        javax.servlet.ServletException

      • afterPropertiesSet

        public void afterPropertiesSet()
                        throws javax.servlet.ServletException
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
        Overrides:
        afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean
        Throws:
        javax.servlet.ServletException

      • setTrustResolver

        public void setTrustResolver​(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver)
        Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.
        Parameters:
        trustResolver - the AuthenticationTrustResolver to use. Cannot be null.